Contact:

In 2005, the Department of State (State) began issuing electronic passports (e-passports) with embedded computer chips that store information identical to that printed in the passport. By agreement with State, the U.S. Government Printing Office (GPO) produces blank e-passport books. Two foreign companies are used by GPO to produce e-passport covers, including the computer chips embedded in them. At U.S. ports of entry, the Department of Homeland Security (DHS) inspects passports. GAO was asked to examine potential risks to national security posed by using foreign suppliers for U.S. e-passport computer chips. This report specifically examines the following two risks: (1) Can the computer chips used in U.S. e-passports be altered or forged to fraudulently enter the United States? (2) What risk could malicious code on the U.S. e-passport computer chip pose to national security? To conduct this work, GAO reviewed documents and interviewed officials at State, GPO, and DHS relating to the U.S. e-passport design and manufacturing and e-passport inspection systems and procedures.

State has developed a comprehensive set of controls to govern the operation and management of a system to generate and write a security feature called a digital signature on the chip of each e-passport it issues. When verified, digital signatures can help provide reasonable assurance that data placed on the chip by State have not been altered or forged. However, DHS does not have the capability to fully verify the digital signatures because it has not deployed e-passport readers to all of its ports of entry and it has not implemented the system functionality necessary to perform the verification. Because the value of security features depends not only on their solid design, but also on an inspection process that uses them, the additional security against forgery and counterfeiting that could be provided by the inclusion of computer chips on e-passports issued by the United States and foreign countries, including those participating in the visa waiver program, is not fully realized. Protections designed into the U.S. e-passport computer chip limit the risks of malicious code being resident on the chip, a necessary precondition for a malicious code attack to occur from the chip against computer systems that read them. GPO and State have taken additional actions to decrease the likelihood that malicious code could be introduced onto the chip. While these steps do not provide complete assurance that the chips are free from malicious code, the limited communications between the e-passport chip and agency computers significantly lowers the risk that malicious code--if resident on an e-passport chip--could pose to agency computers. Finally, given that no protection can be considered foolproof, DHS still needs to address deficiencies noted in our previous work on its computer systems to mitigate the impact of any malicious code that may be read from e-passport computer chips and infect those systems.

Recommendations for Executive Action

Status: Closed - Not Implemented

Comments: DHS concurred with this recommendation and in a May 26, 2010, letter stated that CBP will be developing a system to validate the digital signature of e-passports at ports of entry. Further, a database will be created of the digital certificates of U.S. e-passports that will be compatible with the validation system. In July 2011, CBP officials stated that while they have studied the issue, because of other high-priority demands, they have not been able to devote the necessary resources to design and develop a digital signature validation system. CBP officials believe such a system would aid in the inspection of e-passports and plan to revisit the issue in the next fiscal year. In January 2014, CBP officials stated that it will not be implementing a system to fully verify electronic passport digital signatures. They stated that they have had to devote their limited resources to higher-priority demands. They further stated that it was unclear whether such an investment would be worth the incremental security benefit given the biometric and biographic checks that are currently conducted on visa-holding and visa waiver travelers entering the United States.

Recommendation: To ensure that border officers can more fully utilize the security features of electronic passports, the Secretary of Homeland Security should design and implement the systems functionality and databases needed to fully verify electronic passport digital signatures at U.S. ports of entry to provide greater assurance that electronic passport data were written by the issuing nation and have not been altered or forged.

Agency Affected: Department of Homeland Security

Status: Closed - Not Implemented

Comments: DHS concurred with this recommendation and in a May 26, 2010, letter stated that CBP would work with State to obtain the digital certificates used for issuing U.S. e-passports. DHS further stated in its letter that CBP would continue working with State to determine the feasibility and costs of establishing a repository for the digital certificates of other nations' e-passports. In July 2011, CBP officials stated that while it could easily obtain the digital certificates from State, it has not yet done so because it has not developed the systems functionality to verify them. For non-U.S. e-passports, CBP officials stated that they have been working with State, but they have not yet identified a cost-effective mechanism to obtain digital certificates from other nations issuing e-passports. In January 2014, CBP officials stated that because it would not be implementing the systems functionality to fully verify electronic passport digital signatures, it would also not be obtaining the digital certificates to validate the digital signatures. CBP officials stated that for U.S. passports, CBP officers at the ports of entry can compare the passport data with State Department data to help validate the passport.

Recommendation: To ensure that border officers can more fully utilize the security features of electronic passports, the Secretary of Homeland Security, in coordination with the Secretary of State, should develop and implement an approach to obtain the digital certificates necessary to validate the digital signatures on U.S. and other nations' electronic passports to provide greater assurance that electronic passport data were written by the issuing nation and have not been altered or forged.